+ Reply to Thread
Results 1 to 11 of 11
  1. Junior Member
    Join Date
    Nov 2016
    Posts
    21
    #1

    Star award Seeking Advice/Suggestions

    Hi all,

    I recently started pursing the information security field and looking to get your input to see if I'm on the right track. If not, could you please help me so I can start working towards my long-term goals.

    Last year, I successfully passed Compita Sec+ and Linux+ exams and currently looking for an entry/junior level position in infosec field. My current role, DBA, doesn't help me much with my long-term goals, neither does it help me grow in the field unfortunately. I'm trying to do everything possible during my leisure time to learn and understand this field better and how best to approach it.

    As of right now, below are my goals for 2017 and 2018 and then perhaps in 2019/2020.

    2017: Pass CCNA: Security or CCNA R&S -- I'm not sure which one would align better, but I'm assuming it'll be CCNA: Sec.
    2017: Become CE|H Certified

    2018: Pass GSEC exams

    2019/2020: Pass CISSP exam


    Any input/thoughts would be greatly appreciated.

    Thank you!
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    419

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #2
    Infosec is a diverse field, what do you want to do in it? Analyst is different from auditor which is different from Red Team which is different from Blue Team. Then there's the whole piece about having an infosec role within a larger project.
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    Nov 2016
    Posts
    21
    #3
    EANx, I'm leaning towards the Security Analyst role.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    May 2006
    Posts
    1,935

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #4
    Quote Originally Posted by espi_251 View Post
    EANx, I'm leaning towards the Security Analyst role.
    Security analysts in medium/large size organizations will never touch switches, routers or firewalls. They will not do vulnerability remediations either. Most likely you will look at the logs from the security tools, do research and provide recommendations. Security Engineers on the other hand are the ones that do all the hands on work.
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Nov 2016
    Posts
    21
    #5
    TheFORCE, I get that, but most of the job descriptions I've come across prefers one or two of the certifications I mentioned above. I might not know exactly what I want out of this field until I get in there, but I believe I'm on the track.

    I didn't realize getting an entry/junior level role as information security analyst or cyber security analyst would be this difficult. Most of the job descriptions are ridiculous and asking for years of experience in the field for a junior level role.

    You and EANx obviously have much more in-depth understanding of this field than I do at this point, but I'd like to ask you what you would do if you were in my shoes, someone with no experience in information security field and looking to get into it.
    Last edited by espi_251; 03-28-2017 at 06:48 PM.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    May 2006
    Posts
    1,935

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #6
    Certifications are good and they will help you but you need to get your feet wet and get some experience first. The reason the job descriptions seem ridiculous is because people usually transition to infosec from other roles where they got some experience. Try to get a job that will get you some experience first and will expose you in different infosec areas. Formating your resume and restructuring for inosec jobs also helps. People here can help review your resume also, point is, ypu have to try until you get something.
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Nov 2016
    Posts
    21
    #7
    I completely agree with getting my feet wet in this field and that's the plan. It's funny I was just going through the resume section of this forum and I was thinking about posting mine there to get some feedback. I definitely need to tailor my resume to infosec jobs, but simultaneously I do not want put something on there that is not true.

    Thank you though for taking the time to post!
    Last edited by espi_251; 03-28-2017 at 08:57 PM.
    Reply With Quote Quote  

  9. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,156

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #8
    Quote Originally Posted by espi_251 View Post
    I definitely need to tailor my resume to infosec jobs, but simultaneously I do not want put something on there that is not true.
    Try putting some alternative facts on there.
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
    Reply With Quote Quote  

  10. Junior Member
    Join Date
    Nov 2016
    Posts
    21
    #9
    Quote Originally Posted by E Double U View Post
    Try putting some alternative facts on there.
    Hahahaha! Now that's funny!
    Reply With Quote Quote  

  11. Cisco R00t Clan Member NOC-Ninja's Avatar
    Join Date
    Feb 2011
    Location
    R00t
    Posts
    1,341

    Certifications
    CCIE-Wireless, CCIE-RS (written), CCNP-Wireless, CCNP, CCNA-Wireless, CCNA-Security, CCNA, CEH, CHFI
    #10
    If there is a SOC at your work then I would talk to them and ask them if you can help for FREE. This will get you expose right away and you can put that in your resume.
    Its very hard to get into infosec unless you know someone that works in it and they recommend you. Some are just pure luck. However, I have never met anybody that was pure luck. Usually it comes to the point that they were there for a long time and they got drag to that infosec position.

    Now depending on infosec positions. Enterprise usually have guys that deal with incident, looking at the logs, pen testers, and then you have the engineers that deal with VPN/Firewall. The incident handlers usually dont touch vpn/firewall. I dont even think they get paid well than the vpn/firewall guys.

    If you dont have any connections, I recommend that you go to meetup.com and meet IT guys that actually work in the field. You can always get CISSP. I heard people get good infosec jobs after they get that.
    MSISA
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Nov 2016
    Posts
    21
    #11
    Ninja, I think you might be right, but I have to keep applying and hope one of the companies will take a chance on me. As for CISSP, I do not qualify to sit down for this exam as one of the prerequisites for the exam is to have 5 years of experience in infosec or 4 years of experience with Sec+ certification.

    I'm pursing certifications as a way to get in somehow and then learn & grow on the job.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks